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IN THE CLAIMS: 



Claim 1. (currently amended) A system comprising: 

a plurality of certificate authorities (OAs) in which each CA 
maintains and distributes digital certificates revoked by itself in 
the form of a certificate revocation list <CRL) , and different CAs 
5 may use different CRL distribution mechanisms; 

multiple CRL retrieval agents configured to periodically 
retrieve CRLs at time intervals from different CAs using a plurality 
of CRL retrieval agents based on the CRL distribution mechanisms of 
CAs; 

10 a plurality of CRL databases for storing the consolidated CRLs 

from the multiple CRL retrieval agents and/or the replications of 
CRLs, the CRL databases storing at least one individually 
identifiable revoked digital certificate; and 

a CRL access user interface for providing a uniform set of 

15 Application Program Interfaces APIs for users accessing the CRLs in 
the CRL database, said system enabling consolidation and access of 
the certificate revocation lists (CRLs) from the plurality of 
certificate authorities (CAs) . 



Claim 2. (original) A system according to claim 1, wherein 
said plurality of CRL databases include a central CRL database and a 
plurality of CRL replication databases, said central CRL database for 
storing the consolidated CRLs from the multiple CRL retrieval agents, 
and said plurality of CRL replication databases for storing the 
replications of the CRLs of the central CRL database. 

Claim 3. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a LDAP/CRL retrieval 
agent, for periodically retrieving CRLs from specified LDAP servers 
and updating the CRL databases. 

Claim 4- (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a HTTP/CRL retrieval 
agent, for periodically retrieving CRLs from specified HTTP servers 
and updating the CRL database. 

Claim 5. (currently amended) A system according to claim 

1, wherein said plurality of CRL retrieval agents include a 
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RFC1424/CRI. retrieval agents, for periodically sending RFCl ' l^q /CRL 
Request For Comments 1424 /Certificate-Revocation List retrieval 
5 request and receiving CRL retrieval reply. 

Claim 6. {original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a Http retrieval agent 
triggered by a HTTP request, said Http receiver agent verifies an 
authorization of the requester, if successful, said agent stores each 
5 transmitted CRL in the CRL databases. 

Claim 7. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents further verifies the integrity 
and the authenticity of the retrieved CRLs. 

Claim 8. (original) A system according to claim 1, wherein a 
particular replication architecture is used among said plurality of 
CRL databases in order to maintain database consistency. 

Claim 9. (previously presented) A system according to claim 2, 
wherein a hub-and- spoke replication architecture is used among said 
central CRL database and said plurality of CRL replication databases. 

Claim 10. (currently amended) A system according to claim 

1, wherein said system is also adapted for consolidating and accessing 
at least one kind of revoked certificate black list. 

Claim 11. (currently amended) In a secure network 

implemented by digital certificates, a method for certificate 
revocation list (CRL) consolidation and access, wherein a plurality 
of certificate authorities (CAs) maintain and distribute the digital 
5 certificates revoked by themselves in the form of CRLs, and different 
CAs may use different CRL distribution mechanisms, said method 
comprising the steps of; 

periodically retrieving CRLs at time intervals from different 
. CAs using creating a plurality of CRL retrieval agents based on the 
10 CRL distribution mechanisms of CAst — 

consolidating the CRLs from multiple CAs; 

storing the consolidated CRLs from multiple CRL retrieval 
agents or the replications of CRLs into a plurality of CRL databases, 
the consolidated CRLs including at least one individually 
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15 identifiable revoked digital certificate; and 

accessing the CRLs from the CRL databases by a uniform set of 
APiD Application Program Interfaces . 

Claim 12. (original) A method according to claim 11, said 
plurality of CRL databases include a central CRL database and a 
plurality of CRL replication database, said central CRL database for 
storing the consolidated CRLs from multiple CRL retrieval agents and 
5 said plurality of CRL replication database for storing the 
replications of the CRLs of the central database. 

Claim 13- (currently amended) A method according to claim 

11, wherein said method is also adapted for consolidation and 
accessing all kinds of revoked certificate black lists. 

Claim 14. {previously presented) An article of manufacture 
comprising a computer usable medium having computer readable program 
code means embodied therein for causing certificate revocation list 
(CRL) consolidation and access, the computer readable program code 
5 means in said article of manufacture comprising computer readable 
program code means for causing a computer to effect the steps of 
claim 11 . 

Claim 15. (original) A computer program product comprising a 
computer usable medium having computer readable program code means 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 
5 said computer program product comprising computer readable program 
code means for causing a computer to effect the steps of claim 11. 

Claim 17. (original) A program storage device readable by 
machine, tangibly embodying a program of instructions executable by 
the machine to perform method steps for certificate revocation list 
(CRL) consolidation and access, said method steps comprising the 
5 steps of claim 11. 

Claim 18. (currently amended) A method comprising: 

employing a secure network implemented by digital certificates 
for certificate revocation list (CHL) consolidation and access, with 
a plurality of certificate authorities (CAs) maintaining and 
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5 distributing the digital certificates revoked by themselves in the 
form of CRLs, wherein different CAs may use different CRL 
distribution mechanisms, including the steps of: 

creating a plurality of CRL retrieval agents based on the CRL 
distribution mechanisms of CAs, the retrieval age nts configured to 
10 periodically retrieve CRLs at time intervals from the diffe rent CAs 
and for conoolidat ing - to consolidate the CRLs from multiple CAs; 

storing the consolidated CRLs from multiple CRL retrieval 
agents or the replications of CRLs into a plurality of CRL databases, 
the consolidated CRLs including at least one individually 
15 identifiable revoked digital certificate; and 

accessing the CBLs form the CRL databases by a uniform set of 
API - 9 - Application Program Interfaces . 

Claim 19. (original) A program storage device readable by 
machine, tangibly embodying a program of instructions executable by 
the machine to perform method steps for certificate revocation list 
(CRL) consolidation and access, said method steps comprising the 

5 steps of claim 18 . 

Claim 20. (original) An article of manufacture comprising a 
computer usable medium having computer readable program code means 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 

5 said article of manufacture comprising computer readable program code 
means for causing a computer to effect the steps of claim 18. 

Claim 21. (original) A computer program product comprising a 
computer usable medium having computer readable program code means 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 
said computer program product comprising computer readable program 
code means for causing a computer to effect the steps of claim 18. 
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